Hello all. I have windows 7 clients (supplicants), D-link access point (authenticator), Cisco acs 5.2 virtual appliance with evalution license (acts as authentication server - Radius server). I want to setup EAP authentication (PEAP) that users will be able connect to Wireless LAN with login-password. I've done some configurations, but I did not get any result. in ACS 5.2 I get this error message:
11014 RADIUS packet contains invalid attribute(s): RADIUS Request dropped
One of the attributes in the RADIUS packet did not parse correctly
Please, help me for solving this problem.
I have the same problem with ACS 4.2 and TP-link AP, i try to use it without certificate authority, I only need login with user and password.
I just resolve my problem.
Interface Configuration > Radius (Microsoft)
enable all checks. Then in Group Setup.
In the group where my user is asign enable all checks in Section
Microsoft RADIUS Attributes
The authentication whitout certificate and TP-link was sucessfull in Iphone, Mac OS, android phone and windows.
This whit ACS 4.2.
The Device in Network Configuration use Radius (IETF).
My next test is use this configuration but with Catalyst and IBSN.
I changed Authorization Profile to default 'Permit Access' in Access Policies -> Authorization -> Rule.
But you need eap certificate for peap-mschapv2 authentification.
The problem is: If Client (supplicant) does not validate a Radius server certificate for creating eap tunnel, it does not connect.
What i did?
In windows xp and windows 7 clients I unchecked 'Validate certificate' option and get successfull connection.
But in Iphone, android phones, tablets etc. I don't know what to do.
I think that it is not true solution.
May be I should by a certificate (for example, from VeriSign) that validates all systems?
In Android Iphone and MAC OS, in my situation the devices negotiate automatic without certificate, do you enable in
Allow "EAP-MSCHAPv2" and "Allow EAP-GTC" in System configuration > Global Authentication Setup?